Join over 2 million IT and cyber professionals advancing their careers

Video Transcription

Hello and welcome to this I t Security Policy Training from Cyber Eri.

00:05

This is Porter module to the Security Incident Policy with myself. Troy Lemaire

00:11

The learning objective for this is going to be about confirming an incident,

00:15

the incident response team and ownership and responsibilities.

00:24

Looking at this data breach response policy, it was created by sand. So it's another template that you can use to modify as needed

00:32

and the purpose of the policy.

00:34

It's established goals and vision for the breach response process

00:38

in a clear to find who applies it under what circumstances include the definition of a breach, staff roles and responsibilities

00:45

till the

00:47

organizations information security, intention for publishing a data breach response to focus significant attention on data security and data security breach and how the organization's established culture open distrust integrity should respond to such activities.

01:00

Is committed to protecting the employees, partners and the company from illegal or damaging action about individuals either knowingly or unknowingly.

01:11

Looking at the background. The policy mandates that any individual who suspects that a theft breach our exposure of protected data has occurred must immediately provide a description of what occurred. The email to and in this case you have the help desk, e mail and a phone number,

01:26

and you would want up update this information with the information that is relevant to your organization.

01:34

At that point, it says, the team will investigate all reported theft state reaching exposure to confirm if it has actually occurred.

01:40

If it has occurred, the Iast Security Administration will follow the appropriate procedures in place

01:47

with the scope of this policy applies to all who collect access, maintain information. Basically, anybody within an organization that is handling any type of P I or personal identifiable information r P h I personal health information.

02:06

Hey, so now that we're coming to actually the

02:10

verification of a breaches happen. Okay, Assumes the theft

02:15

has happened

02:15

has identified process removing all access that resource for began. The executive director will chair an incident response team to handle the breach

02:23

team will consist of these members. So again, this would be something that you would update for your organization to match with your

02:30

managers, directors, executives, whatever would be the highest level that you can have to put on this team.

02:38

If there is a confirmed theft, executive Derek will be notified of the theft

02:43

along with the designated forensic team and they were analyzed the breach exposure to determine the root cause.

02:50

Working with forensic investigators has provided by an organization Cyber Insurance, which if you don't have cyber security insurance,

02:55

I was highly, highly recommended. It will be what covers you and provide you with expertise that you need in the event of a breach.

03:04

But in this case, it says, then sure will need to provide access forensic investigators and experts that will determine how the breach occurred, the type of they'd involved. A number of individuals and systems that were impacted and then analyzed the breach and exposure. Determine the root cause.

03:21

Develop communication plan. Work with communications team, legal team and human resource is designed how to communicate the breach.

03:29

Now get in tow ownership in responsibilities So

03:31

your sponsors are the members of the community that our primary responsibility for maintaining any type of information resource

03:39

it could be designated by the executive in connection with the administration Respond responsibilities.

03:46

Information Security Administrator is that member of the organization,

03:50

UM provides administrative support for the implementation. Oversight of coordination of security procedures

03:55

usually include virtually all members of the organization

03:59

and the Incident Response Team shall be chaired by an executive management John Clue Bo not be limited to the following departments,

04:05

and this again is someplace that you would modify. What are the departments that you would want to be involved with this incident response team?

04:15

Any personal found in violation policy may be subject to disciplinary actions up to including termination of employment

04:20

in the third party partner company. Found violation may have their network connection terminated,

04:26

but these are the things that you want to put inside of your incident response plan.

04:33

So in summary in today's lecture, we discussed confirmed incident,

04:39

the Incident Response team and then ownership and responsibilities.

04:45

The Security and

04:46

incident policy. Recap Question. Who should you work with? Want to breach has occurred,

04:51

and that would be your insurance carrier and or your forensic investigators.

04:57

Next policy Recap Question. Who should chair the incident response team,

05:02

and this would be a member of executive management or as highs up as you could get within the organization to where it has the

05:11

leadership advisory

05:14

able to be able to look at the incident and be aware of it

05:18

looking far. Next lecture. We're going to cover another general policy. The disaster recovery policy.

05:25

If you have any questions for clarification about this policy or any of the training on cyber Harry, you can reach me on cyber. A message. My user name is that Troy Lemaire and thank you for attending this training on Cyber Eri.